diff --git a/include/opendht/crypto.h b/include/opendht/crypto.h
index d9543c037d314b5d8338961201e7aff7955c0021..83d2cb90d2171328b241de827a59eadb94b33ea1 100644
--- a/include/opendht/crypto.h
+++ b/include/opendht/crypto.h
@@ -80,6 +80,8 @@ struct OPENDHT_PUBLIC PublicKey
      * Takes ownership of an existing gnutls_pubkey.
      */
     PublicKey(gnutls_pubkey_t k) : pk(k) {}
+
+    /** Import public key from serialized data */
     PublicKey(const uint8_t* dat, size_t dat_size);
     PublicKey(const Blob& pk) : PublicKey(pk.data(), pk.size()) {}
     PublicKey(PublicKey&& o) noexcept : pk(o.pk) { o.pk = nullptr; };
diff --git a/src/crypto.cpp b/src/crypto.cpp
index cf36bc6da86b41e3e4a5843d3a4aca6eb88eb233..78ccb0825b005b11456e90aacc8e117852f557ac 100644
--- a/src/crypto.cpp
+++ b/src/crypto.cpp
@@ -710,13 +710,13 @@ CertificateRequest::sign(const PrivateKey& key, const std::string& password)
 }
 
 bool
-CertificateRequest::verify() const 
+CertificateRequest::verify() const
 {
     return gnutls_x509_crq_verify(request, 0) >= 0;
 }
 
-Blob 
-CertificateRequest::pack() const 
+Blob
+CertificateRequest::pack() const
 {
     gnutls_datum_t dat {nullptr, 0};
     if (auto err = gnutls_x509_crq_export2(request, GNUTLS_X509_FMT_PEM, &dat))
@@ -727,7 +727,7 @@ CertificateRequest::pack() const
 }
 
 std::string
-CertificateRequest::toString() const 
+CertificateRequest::toString() const
 {
     gnutls_datum_t dat {nullptr, 0};
     if (auto err = gnutls_x509_crq_export2(request, GNUTLS_X509_FMT_PEM, &dat))
@@ -1147,8 +1147,8 @@ void
 setRandomSerial(gnutls_x509_crt_t cert)
 {
     random_device rdev;
-    std::uniform_int_distribution<uint64_t> dist{};
-    uint64_t cert_serial = dist(rdev);
+    std::uniform_int_distribution<int64_t> dist{1};
+    int64_t cert_serial = dist(rdev);
     gnutls_x509_crt_set_serial(cert, &cert_serial, sizeof(cert_serial));
 }
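Review bot: The serial is still passed to `gnutls_x509_crt_set_serial` as the raw in-memory bytes of `cert_serial`, so the positive range chosen by `dist{1}` only gives a positive DER INTEGER if host byte order matches what GnuTLS expects. GnuTLS documents this buffer as a big-endian integer, so on a little-endian host the first byte written is the low byte of the value, and its top bit will be set roughly half the time. Some strict X.509 parsers reject negative serials, which would show up as intermittent interoperability failures rather than a consistent one. I would encode the value most-significant byte first into a byte buffer before the call, as below. The return value of `gnutls_x509_crt_set_serial` is also ignored, so a failure to set the serial goes unnoticed.

```cpp
    int64_t cert_serial = dist(rdev);
    // Encode most-significant byte first so the cleared sign bit leads the DER INTEGER.
    uint8_t serial[sizeof(cert_serial)];
    for (size_t i = 0; i < sizeof(serial); ++i)
        serial[i] = static_cast<uint8_t>(cert_serial >> (8 * (sizeof(serial) - 1 - i)));
    gnutls_x509_crt_set_serial(cert, serial, sizeof(serial));
```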